Google will cull out-of-date Play store apps in bid to improve Android security
The rules will take effect later this year and could see unsupported apps de-listed from the store
Android has announced a new Play store security policy that will force developers to update older apps to avoid their software being removed.
With each version of Android, new and more stringent security policies are introduced to improve the security of the Android ecosystem. Following this approach, Android will now require all apps to target an API level that’s within two years of the most recent version.
An existing policy states that any new app being added to the Play store, or an existing app that is being updated, needs to target an API level that’s within one year of the current version. The latest policy is an expansion of this, targeting older apps that have not been updated in some time.
This means that any older app will need to be updated to target an API level within two years of Android 12 in order to remain discoverable on the Google Play store, and to be able to be installed by users.
The new requirements will take effect on 1 November 2022 and as new Android versions are released the requirement window will adjust accordingly, Android said.
“The rationale behind this is simple. Users with the latest devices or those who are fully caught up on Android updates expect to realise the full potential of all the privacy and security protections Android has to offer,” said Krish Vitaldevara, director of product management at Android, in a blog post.
“Expanding our target level API requirements will protect users from installing older apps that may not have these protections in place.”
The discovery of malware affecting Android devices is a relatively common occurrence in the cyber security industry, and the new security policy will aim to make this more of a rarity.
In the space of a week, numerous reports of new Android malware strains have hit various media outlets, including a Russian-linked Android malware called Process Manager. Discovered by Lab52, the malware is capable of sending and reading SMS messages, plus recording a device’s audio.
At the end of 2021, IT Pro reported that more than 300,000 Android users had downloaded a banking trojan from the Google Play store, with hackers managing to bypass the app store’s security detections.
Unified endpoint management solutions 2021-22
Analysing the UEM landscapeFree Download
Without giving specifics, Android said the “vast majority” of apps in the Google Play store are already compliant with the rules soon to be introduced.
Developers who are concerned about implementing the upcoming changes can consult Google’s technical guide, which details the steps that need to be taken for a successful migration.
A six-month optional extension can also be requested if developers can demonstrate they need more time in order to complete the migration to the target API level. The application form for this will be available in the Developer Play Console later this year, Android said.
2023 Strategic roadmap for data security platform convergence
Capitalise on your data and share it securely using consolidated platformsFree Download
The 3D trends report
Presenting one of the most exciting frontiers in visual cultureFree Download
The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana
Cost savings and business benefitsFree Download
Leverage automated APM to accelerate CI/CD and boost application performance
Constant change to meet fast-evolving application functionalityFree Download